Paper 2022/1625

Efficient Threshold FHE with Application to Real-Time Systems

Siddhartha Chowdhury, Indian Institute of Technology Kharagpur
Sayani Sinha, Indian Institute of Technology Kharagpur
Animesh Singh, Indian Institute of Technology Kharagpur
Shubham Mishra, University of California, Berkeley
Chandan Chaudhary, Indian Institute of Technology Kharagpur
Sikhar Patranabis, IBM Research, India
Pratyay Mukherjee, SupraOracles Research
Ayantika Chatterjee, Indian Institute of Technology Kharagpur
Debdeep Mukhopadhyay, Indian Institute of Technology Kharagpur

Threshold Fully Homomorphic Encryption (ThFHE) enables arbitrary computation over encrypted data while keeping the decryption key distributed across multiple parties at all times. ThFHE is a key enabler for threshold cryptography and, more generally, secure distributed computing. Existing ThFHE schemes inherently require highly inefficient parameters and are unsuitable for practical deployment. In this paper, we take the first step towards making ThFHE practically usable by (i) proposing a novel ThFHE scheme with a new analysis resulting in significantly improved parameters; (ii) and providing the first practical ThFHE implementation benchmark based on Torus FHE. • We propose the first practical ThFHE scheme with a polynomial modulus-to-noise ratio that supports practically efficient parameters while retaining provable security based on standard quantum-safe assumptions. We achieve this via a novel Rényi divergence-based security analysis of our proposed threshold decryption mechanism. • We present an optimized software implementation of a Torus-FHE based instantiation of our proposed ThFHE scheme that builds upon the existing Torus FHE library and supports (distributed) decryption on highly resource-constrained ARM-based handheld devices. Along the way, we implement several extensions to the Torus FHE library, including a Torus-based linear integer secret sharing subroutine to support ThFHE key sharing and distributed decryption for any threshold access structure. We illustrate the efficacy of our proposal via an end-to-end use case involving encrypted computations over a real medical database, and distributed decryptions of the computed result on resource-constrained ARM-based handheld devices.

Note: 1. The security definition of threshold FHE in Section 3.3 is adapted from [JRS17] in the current e-print version. Also, the proof of security of our proposed threshold FHE scheme has been modified accordingly. 2. Appendix A has been moved to Section 3.1, Appendix B and C have been moved to Section 4.4 and 4.6 respectively.

Available format(s)
Cryptographic protocols
Publication info
FHEThreshold DecryptionLISSSTorusRényi Divergence
Contact author(s)
siddhartha chowdhury92 @ gmail com
sayanisinhamid @ gmail com
sanimesh005 @ gmail com
grapheo12 @ gmail com
cchaudhary278 @ gmail com
sikharpatranabis @ gmail com
pratyay85 @ gmail com
cayantika @ gmail com
debdeep mukhopadhyay @ gmail com
2023-06-01: last of 4 revisions
2022-11-22: received
See all versions
Short URL
Creative Commons Attribution


      author = {Siddhartha Chowdhury and Sayani Sinha and Animesh Singh and Shubham Mishra and Chandan Chaudhary and Sikhar Patranabis and Pratyay Mukherjee and Ayantika Chatterjee and Debdeep Mukhopadhyay},
      title = {Efficient Threshold FHE with Application to Real-Time Systems},
      howpublished = {Cryptology ePrint Archive, Paper 2022/1625},
      year = {2022},
      note = {\url{}},
      url = {}
Note: In order to protect the privacy of readers, does not use cookies or embedded third party content.